Main Page: Difference between revisions
| Line 44: | Line 44: | ||
* [http://www.w3.org/Help/Account/MailPassword/ password mailback] | * [http://www.w3.org/Help/Account/MailPassword/ password mailback] | ||
= old version of that wiki = | = // old version of that wiki // = | ||
// old version of the page // | // old version of the page // | ||
==Specs to review, groups to watch== | ==Specs to review, groups to watch== | ||
Revision as of 15:17, 30 April 2014
Welcome to the wiki of the W3C Web Security related activities.
This wiki is providing you with - an entry point to each group wiki - a reference to the important on-going deliverables, gathering efforts of security contributors in W3C
- WebAppSec WG
- WebCrypto WG
- XML Security WG (limited activity)
- Web Security Interest Group
Other important activities are happening on other groups and that may impact the web (security) model
W3C deliverables to monitor
Some working draft are currently discussed in those different groups and should require your review and comments :
- User Interface Security Directives for Content Security Policy at Last Call stage
- Web Crypto API at Last Call stage
- CORS 1.1 at WD draft
- Subresource Integrity at FPWD stage
How to contribute ?
You want to be part of this effort related to improving standards and implementations to advance the security of the Web?
- join the WG or IG
- contribute to this wiki
This wiki is open for contributions by all with a W3C account.
For general discussions, please refer to the public-web-security mailing list.
- request a Member account (use if you work for a W3C member company)
- request a Public account (use otherwise)
- password mailback
// old version of that wiki //
// old version of the page //
Specs to review, groups to watch
Most wiki activity is now taking place in the Web Security Interest Group.
Specs
Wiki pages containing information about these specifications:
- Content Security Policy (webappsec); use the public-webappsec@w3.org mailing list for discussion.
- XMLHttpRequest (webapps)
- CORS and Uniform Messaging Policy (webappsec); use the public-webappsec@w3.org mail list for related discussions
- HTML5 (html)
- Websockets (webapps)
- Anti-Clickjacking Requirements (webappsec); use the public-webappsec@w3.org mailing list for discussion.
Groups
Related Groups to Liaise With
Ongoing issues
- Trusted User Interface
- Same Origin Policy and Same Origin Policy by Adam Barth
- Cross Site Attacks
- Comparison of CORS and UMP (Work in progress)
Perhaps this wiki would be handy for thinking thru some security patterns the TAG is discussing under ISSUE-31 (metadatainURI-31)...
- Ungessable URI, Web Key, Email Confirmation
- Passwords In The Clear (maybe not worth bothering; the finding is done, I think)